Wireshark-commits: [Wireshark-commits] master-2.2 4f71536: ISMP: fix tuple decoding
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4f7153685b39a164aea09ba7f96ebb648b8328ae
Submitter: Guy Harris (guy@xxxxxxxxxxxx)
Changed: branch: master-2.2
Repository: wireshark
Commits:
4f71536 by Peter Wu (peter@xxxxxxxxxxxxx):
ISMP: fix tuple decoding
EDP_TUPLE_HOLD dissection was broken due to a length parameter mixup in
v1.99.1rc0-224-g6720c80bab. The TLV length calculation was changed in
commit ed5453d892, but the only pcap I could find for which it made a
difference includes the TL lengths in the length field.
Since commit 067a076179, the IPXNET type was wrongly decoded, fixed now.
Check IPX address length to avoid a buffer overrun (read) in
get_ether_name by at most 5 bytes.
Bug: 4943
Bug: 14672
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6451
Change-Id: Ia99ab15578ecae6d5a3ec22989507d64f9926933
Reviewed-on: https://code.wireshark.org/review/27554
Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@xxxxxxxxx>
(cherry picked from commit e67283ddca70a7652b7dd41ef8883ee3278501d0)
Reviewed-on: https://code.wireshark.org/review/27925
Reviewed-by: Guy Harris <guy@xxxxxxxxxxxx>
Actions performed:
from 672d882 tvbuff_zlib: reject negative lengths to avoid buffer overrun
adds 4f71536 ISMP: fix tuple decoding
Summary of changes:
epan/dissectors/packet-ismp.c | 26 +++++++++++++++++---------
1 file changed, 17 insertions(+), 9 deletions(-)